Hackers Set Fire To An Iranian Steelworks

Uploaded on 2022-07-20 in INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

It's extremely rare for hackers, who operate in the digital world, to cause damage in the physical world, but a cyber attack on a steel maker in Iran is being seen as a significant event.

The attack caused "massive damage" to a steel factory, causing an emergency shutdown.

A hacking group calling itself 'Predatory Sparrow' has claimed responsibility for the attack, which it said caused a serious fire and has subsequently released a video to back up its story. 

The video appears to be CCTV footage of the incident, showing factory workers leaving part of the plant before a machine starts spewing molten steel and fire. The video ends with people pouring water on the fire with hoses. In another video that surfaced online, factory staff can be heard shouting for firefighters to be called and describing damage to the equipment. 

Now, security experts are asking who is behind 'Predatory Sparrow' which some say is state-sponsored military hacking group. Its name, a play on the name of the Iranian cyber warfare group, Charming Kitten, could be a clue suggesting that it's a country with a strong interest in Iran. Also known by its Persian name, 'Gonjeshke Darande' the group say this was one of three attacks it carried out against Iranian steel makers in June, in response to unspecified acts of "aggression" carried out by the Islamic Republic.

The group has also started sharing gigabytes of data it claims to have stolen from the companies, including confidential emails. On its Telegram page Predatory Sparrow posted: "These companies are subject to international sanctions and continue their operations despite the restrictions. These cyber attacks, being carried out carefully to protect innocent individuals." That last sentence has attracted considerable attention as, from their public claim, the hackers knew that they were putting lives in danger and were careful to make sure the factory was empty before launching their attack. 

This has led many to wonder whether Predatory Sparrow is a professional and tightly regulated team of state-sponsored military hackers, who may even be obliged to carry out risk assessments before they launch an operation.

"They claim themselves to be a group of hacktivists, but given their sophistication, and their high impact, we believe that the group is either operated, or sponsored by, a nation state," says Itay Cohen, head of cyber research at Check Point Software.

Iran has been the victim of a spate of recent cyber-attacks that have had an impact in the real world but nothing as serious as this since the 2010 Stuxnet attack on Iran's uranium enrichment facilities. Stuxnet was a computer virus that damaged or destroyed centrifuges at Iran's uranium enrichment facility in Natanz, hampering its nuclear programme. The attack has been widely attributed to Israel and US military hackers working in combination, although this has never been officially confirmed.  

Since Stuxnet, there have been very few confirmed cases of physical damage and nation-state cyber attacks of this kind are more commonly designed to cause disruption, without causing real physical damage. That may now be about to change.

If Predatory Sparrow is a state-sponsored military hacking group, which country does it represent? According to Israeli media reports, Defence Minister Benny Gantz has ordered an investigation into leaks that led to Israeli journalists heavily hinting that Israel is behind the hack. The minister is possibly concerned that Israel's "ambiguity policy" on its operations against Iran might have been broken.

In October last year Predatory Sparrow claimed responsibility for taking Iran's national fuel station payment system offline. The group also said it had been behind a hack that hijacked digital billboards on roads, making them display a message saying, "Khamenei, where is our fuel?" - a reference to the country's supreme leader, Ayatollah Ali Khamenei. In both cases, the hackers showed a degree of responsibility by warning Iran's emergency services in advance about the potential chaos that could result.

Check Point researchers say they have also found code in the malicious software used by Predatory Sparrow that matches code used by another group, called Indra, that is thought to have hacked Iranian train station displays in 2021. The steel factory attack, however, is a sign that the stakes are getting higher.

IQStock:    HeadTopics:     BBC:     Yahoo:        Shout Radio:    Userwalls:     Nation World News:  

You Might Also Read: 

Israel & Iran Locked In Cyber Conflict:

 

« Migrating to the Cloud: Security Risks and Concerns
Millions Of Canadian Households & Businesses Offline »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

NCC Group

NCC Group

NCC Group is a global cyber and software resilience business operating across multiple sectors, geographies and technologies.

Q-CERT

Q-CERT

Q-CERT is the National Computer Security Emergency Team of Qatar.

CyberSource

CyberSource

CyberSource provides online payment and fraud management services for medium and large-sized merchants.

L J Kushner & Associates

L J Kushner & Associates

L.J. Kushner is a leading Information Security recruiting firm.

Norwegian Information Security laboratory (NISlab)

Norwegian Information Security laboratory (NISlab)

NISlab conducts international competitive research in information and cyber security and operates study programs in this area.

DFLabs

DFLabs

DFlabs is a pioneer in Security Automation & Orchestration technology, leveraging your existing security products to dramatically reduce the response and remediation gap.

SecuGen

SecuGen

SecuGen is a leading provider of advanced, optical fingerprint recognition technology, products, tools and platforms for physical and information security.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.

Computer Forensic Services

Computer Forensic Services

Computer Forensic Services are digital evidence specialists. Practice areas include Information Security, e-Discovery, Law Enforcement Support and Litigation.

Neupart

Neupart

Neupart provides Information Security Management System, Secure ISMS, allowing organisations to automate IT Governance, Risk and Compliance management.

Stealthcare

Stealthcare

Stealthcare is a full service, global cyber security firm offering solutions that educate, empower and protect.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

CyCraft Technology Corp

CyCraft Technology Corp

CyCraft is an AI company that forges the future of cybersecurity resilience through autonomous systems and human-AI collaboration.

HSB

HSB

HSB offers insurance for equipment breakdown, cyber risk, data breach, identity recovery & employment practices liability.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.

Computer Futures

Computer Futures

Computer Futures are a global specialist IT recruitment partner, matching candidates with roles across niche IT markets and core technologies.

Twilio

Twilio

Twilio are the customer layer for the internet, powering the most engaging interactions companies build for their customers. We provide simple tools that solve hard problems.